CVE-2017-0045
CVE-2017-0045
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
Affected products
Microsoft Corporation · Windows DVD Makerpublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/41619/unverifiedexploitdbwww.exploit-db.com/exploits/41619unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txthttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0045https://www.exploit-db.com/exploits/41619/http://www.securityfocus.com/bid/96103http://www.securitytracker.com/id/1038015